back to article The AN0M fake secure chat app may have been too clever for its own good

In April 1943, Japanese admiral Isoroku Yamamoto was killed when the US Air Force shot down the plane carrying him to Balalae Airfield in the Solomon Islands. The attack was made possible by the USA cracking Japanese codes and decrypting a message that revealed Yamamoto’s flight plan would just take him within range of America …

  1. Anonymous Coward
    Anonymous Coward

    One Time Pads.

    What do you want to bet that anyone _really_ intent on secure communications will go back to using OTP's to ensure "The Man" can't decrypt their comms chatter? And what if they start using OTP's to encrypt noncritical chatter so that The Man has to decrypt exponentially more traffic only to find themselves the proud holder of someone's shopping list? I think I'll start using OTP's to encrypt everything too - perhaps a copy of "War and Peace" to give them something to read afterwards!

    1. Neil Barnes Silver badge
      Coat

      Re: One Time Pads.

      Time to write a one time pad generator... with perhaps just a touch of non-random about it?

    2. Anonymous Coward
      Anonymous Coward

      Re: One Time Pads.

      Anyway, my secret messages are encoded in every 14th and 29th letter in my FB posts, in ROT13 and the sequence determined by the alphabetical order of the 49th letter (as sorted alphabetically by their names in German). Every third word in Nynorsk; the rest equally divided between Swahili and English.

      There also may or may not also be some quite intentional compression artifacts in my influencer style Instagram posts. These could, for example and if they existed, be decoded into numbers that refer to pages and word counts in one particular edition of <redacted>. Of course, only the posts that include a word from the known list and show <redacted> is to be used.

      If you are willing to accept low bandwidth steganography can be quite hard to detect and decrypt. Heck, I can send morse code by alternating with foot I first step out of my front door with (using our agreed upon version the old Q-codes to speed things up a bit).

      As long as no one has the decrypts written down in a notebook in their back pocket...

      1. arachnoid2 Bronze badge

        Re: One Time Pads.

        One solution that came to mind the other day of swapping data covertly locally was to set up a battery operated wifi storage device in a convenient location, say near or even inside in the toilet ceiling of a fast food store. The recipient/s merely have to log in and download or upload any data that wants swapping, and all within plain view of anyone else dining there.

        1. Charles 9 Silver badge

          Re: One Time Pads.

          First Contact Problem again. Who's to say Alice and Bob are really Alice and Bob and one of them isn't really Gene posing as one of them?

          1. W.S.Gosset Silver badge

            Re: One Time Pads.

            ... which happens to be precisely how the police introduced the AN0M handsets in the first place.

            "PC Gene"

    3. Inkey
      Joke

      Re: One Time Pads.

      Crime and punishment ...shirly ?

      1. ShadowSystems

        At Inkey...

        I wonder how many heads would explode if the encrypted text was a work of Vogon poetry? =-D

    4. thames

      Re: One Time Pads.

      Or just use public key cryptography. It's well known and widely available.

      The problem with one time pads is that the key is as long as the message and you have to have a secure means of distributing the OTPs. If you can solve the OTP problem then they're great, but their use is limited by the inherent difficulty of this in most cases.

      They key exchange problem and the defeating traffic analysis problems are the big issues with any sort of Internet chat.

      Even public key cryptography has a pair of problem. One is doing the initial public key exchange. If someone can man in the middle all the conversations, he can substitute his own sets of keys during the initial exchange and man in the middle all the subsequent conversations. To really be sure, you would need to exchange keys in person with someone you can trust present who can vouch for the identity of each party.

      The other problem is the traffic analysis one. It is sometimes more useful to know who is talking to whom than it is to know what they are talking about. Find out who is talking to whom and you can find out what the organizational structure is, which can give you clues as to where to infiltrate it. When the secret police excuse their tapping everyone's conversations on the grounds that "we're only collecting metadata", then they're being disingenuous because the connections between people are what they really want to know anyway, rather than just someone saying "I'll have the thing we talked about to you a day later than the time we agreed".

      The whole idea of a special secure chat network dedicated to criminal activity is a bit dubious, and I don't mean from a moral or legal standpoint. I mean as in it is such a massive target for the police to infiltrate, and it is an evidence and criminal intelligence collection machine par excellence, that I can't see how anyone could think they could trust it. I certainly wouldn't.

      1. spellucci

        Re: One Time Pads.

        Keys can be exchanged securely in public, for example via Diffie-Hellman key exchange (https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange).

        But you are right as rain about the rest of it. If you want to communicate securely, don't use cell phones.

        1. John Brown (no body) Silver badge

          Re: One Time Pads.

          "But you are right as rain about the rest of it. If you want to communicate securely, don't use cell phones."

          Yes, but they are just sooooo convenient. And crims are arrogant, assuming they won't get caught. The bosses in particular have layers of underlings to give plausible deniability. They don't care if the underlings get caught so long as the money keeps flowing. Some minor inconvenience because some underling were caught is just a business expense.

          It's really not that different to how large corporations operate. "Won't someone rid me of this turbulent priest?"

          1. Michael Wojcik Silver badge

            Re: One Time Pads.

            As with everything in security, it comes down to economics. Strong OPSEC is extremely expensive. It's expensive in resources; it's expensive in opportunity costs; it's expensive in several ways in cognitive load, from planning and threat modeling to vigilance.

            Most people simply cannot devote enough resources to OPSEC to prevent targeted attacks.

            People who practice strong OPSEC and good spycraft generally are not very neurotypical; they have cognitive conditions that make it easier for them to obsess about the details of security vigilance.

            It's true that psychological studies suggest career criminals are particularly prone to overconfidence, which opposes strong OPSEC, and so they may be even more vulnerable than the populace in general to this sort of attack. But the reality is the vast majority of human beings are simply incapable of or unwilling to defend against attacks which target channels they value highly.

        2. Almost Me
          Big Brother

          Re: One Time Pads.

          The problem isn't the key exchange, it's knowing who you just exchanged keys with is the right person and not a man in the middle.

          1. Charles 9 Silver badge

            Re: One Time Pads.

            It's what I call the First Contact Problem.

            How can Alice and Bob be sure they're talking to whom they're supposed to be talking if they've never met before and have nothing in common?

            1. Nifty Silver badge

              Re: One Time Pads.

              Didn't Tor solve this conundrum?

              1. Michael Wojcik Silver badge

                Re: One Time Pads.

                How do you think Tor solves peer-identity problems?

                (And the post upthread is incorrect. Authentication is important, but key exchange is still a problem with OTPs, for a number of reasons: size, synchronization, re-keying, interception if there are flaws in the Kx protocol or implementation, etc. People love to talk about using OTPs but generally disregard most of the many issues with them.)

            2. dmesg
              Big Brother

              Re: One Time Pads.

              https://en.wikipedia.org/wiki/Web_of_trust. It's about the best you can do, unless you want to posit a trusted central authority. Right, I thought so.

      2. Cynic_999 Silver badge

        Re: One Time Pads.

        "

        If someone can man in the middle all the conversations, he can substitute his own sets of keys during the initial exchange and man in the middle all the subsequent conversations. To really be sure, you would need to exchange keys in person with someone you can trust present who can vouch for the identity of each party.

        "

        The usual way to overcome that is to publish your public key on a public forum or a public repository. If someone manages to hack into that forum/repository and change the key, you will know as soon as you log onto that forum and see that the key you published has changed. Similarly, if someone were to publish a bogus key to the public platform in your name, you would see that fraudulent post. You can then shout long and loud in clear emails and messages that someone is trying to impersonate you.

        In addition you can send your public key to the other party via several different routes. Public forums, email, social media etc. The other party can verify that they are all the same. The probability that an imposter will be able to intercept and change every copy you sent is as close to zero as makes no difference.

        1. Charles 9 Silver badge

          Re: One Time Pads.

          "The usual way to overcome that is to publish your public key on a public forum or a public repository. If someone manages to hack into that forum/repository and change the key, you will know as soon as you log onto that forum and see that the key you published has changed. Similarly, if someone were to publish a bogus key to the public platform in your name, you would see that fraudulent post. You can then shout long and loud in clear emails and messages that someone is trying to impersonate you."

          The problem behind that problem, of course, is that if someone is impersonating you, they can just turn the tables on you and say your attempts to cry impersonator are themselves that of an impersonator. Now you're trapped in a "he said, she said" conundrum, and in a First Contact Problem, there's no shared context with which to make the ultimate judgment. It becomes a coin flip.

          1. MatthewSt Silver badge
            Black Helicopters

            Re: One Time Pads.

            Or... you could publish it somewhere _and_ make a stink about it not being you but secretly tell people that it is you! Plausible deniability and misdirection...

          2. Cynic_999 Silver badge

            Re: One Time Pads.

            "

            The problem behind that problem, of course, is that if someone is impersonating you, they can just turn the tables on you and say your attempts to cry impersonator are themselves that of an impersonator.

            "

            Depends how you know the person you are wishing to communicate with. If there is doubt about whether the key really was sent by the right person, your first message to that person could be to ask them to send something or answer a question that only the right person would be capable of doing. They then supply what you asked for, signed with the public key in question.

            1. Charles 9 Silver badge

              Re: One Time Pads.

              In which case you become a Trent and have the ability to vouch for Alice. But in the First Contact Problem, there's no such Trent since Alice and Bob have nothing in common.

            2. Michael Wojcik Silver badge

              Re: One Time Pads.

              And now we're requiring three channels. Let's see if we can convolute this protocol into requiring four.

              OTPs don't scale, full stop. They are useful in a very small subset of use cases for cryptography. Folks need to stop hunting unicorns and get real.

    5. cantankerous swineherd Silver badge

      Re: One Time Pads.

      first distribute your key material...

      1. John Robson Silver badge
        Joke

        Re: One Time Pads.

        Just encrypt it with a OTP....

    6. DrXym Silver badge

      Re: One Time Pads.

      Going back to the WW2 analogues, Churchill and Roosevelt conversed over a system called SIGSALY. It compressed their speech, combined it with random noise stored on a special record, and sent it to the other end and where a duplicate record would remove the noise and play out the voice.

      The distribution of the OTPs and the equipment needed to operate calls must have been a huge pain in the arse, justified only by being the most secret of conversations. The rest of the time they would have used more conventional crypto

      The issue with distribution is the same today - crims would need to meet face to face in order to exchange OTPs, or they'd have to have a secure means to transfer it, e.g. a courier who can be trusted. Maybe it would work for the kingpins but I doubt it would lower down the hierarchy.

      1. W.S.Gosset Silver badge

        Re: One Time Pads.

        "Silk & Cyanide" is a book I thoroughly recommend. By the head of WWII SOE Crypto.

        You'll be staggered at how easily they busted most codes. By a combo of rigour and lateral thinking.

        And you'll get the inside story of why they fought to require One Time Pads, plus all the practical problems which remained. OTP protection still got busted... (And agents died)

        Title explanation: silk for what they printed everything on; cyanide for suicide capsule all the agents were issued with.

    7. Anonymous Coward
      Anonymous Coward

      Re: One Time Pads.

      Isn't perfect forward secrecy the equivalunt of OTP? I'm not a crypto guy, so just asking.

      1. Michael Wojcik Silver badge

        Re: One Time Pads.

        It's a perfectly good question; I don't know why it was downvoted.

        The OTP protocol, if done perfectly (truly random pad with a perfectly random distribution, secure key exchange, blah blah blah), produces a ciphertext for which all possible plaintexts of the same length are equally probable. Combine it with some plaintext splitting and padding to add noise to the length signal, or use a protocol such as chaffing to interfere with traffic analysis, and you have as close to a perfectly secure communications channel as possible.1

        Perfect Forward Security (PFS) doesn't affect the strength of the protocol, algorithm, or key used to affect the message. It's a feature of the key-exchange protocol. So it's an apples-and-oranges comparison; where OTP is a protocol for encrypting a message, PFS is part of a key-exchange protocol.

        PFS simply says "use a unique set of parameters for anonymous key-agreement each time you do key exchange". As an example, look at the evolution of SSL/TLS:

        Prior to TLSv1.3, it was very common to use RSA, or Diffie-Hellman (discrete or ECC) with a fixed key, to do key exchange. That is, one side would create a random session key for symmetric encryption of messages, then encrypt it with the peer's public RSA key, and send it to the peer, who would decrypt it using their private key. Or they'd do DH agreement but using a fixed set of parameters.

        The problem with this is a well-resourced adversary can save encrypted messages and work on getting that RSA private key (by cracking, or by subverting a machine that has a copy of it, or various other means), or breaking the fixed DH parameters (this was the "WeakDH" part of the Logjam/WeakDH vulnerability a few years ago). Then they could go back through that archive of saved messages and decrypt them.

        With PFS, the peers do anonymous DH key agreement to generate a different key each time. If an adversary breaks the key agreement for one session and gets that session key, they only get that one session; they don't get all the others they might have saved.

        PFS is such a useful property that all the TLSv1.3 suites use it.

        But after key exchange, those suites are doing conventional symmetric encryption (nearly always with AES, though there's also a ChaCha20-Poly1305 suite, and experimental post-quantum ones). They're not using OTPs, and so the entropy in the key is always (in practice) much smaller than the size of the message.

        1This is a gloss. "Secure" doesn't mean anything outside the context of a threat model, and there are certainly plausible models where, for example, using a steganographic channel in addition to the other factors would reduce the threat further.

    8. Graham Cobb Silver badge

      Re: One Time Pads.

      As touched on by other replies, OTP is not a solution to any problem which exists today.

      OTP is a solution to the crackability design faults of earlier codes (such as Enigma). But today's codes are (in practice) already uncrackable without the key as long as the key is long enough. Of course, there can always be a software bug, or a deliberate backdoor, in the app doing the coding (as in AN0M) - but that is just as true for a OTP coding app.

      Steganography is slightly more useful because your enemy not even knowing there is a code there will help reduce things like traffic analysis. The only way that really works is a "numbers station" type of approach where you send out random data all the time, and only some of it decodes successfully but you don't know what unless you have the key, But, in real practice, even steganography will be conducted by an app and that app is just as much a weak point as AN0M was.

    9. A.P. Veening Silver badge

      Re: One Time Pads.

      I think I'll start using OTP's to encrypt everything too - perhaps a copy of "War and Peace" to give them something to read afterwards!

      The original Война и миръ, the more modern Война и мир or a translation? If the latter, what language? And in all cases, which edition? Curious minds need to know.

      1. krivine

        Re: One Time Pads.

        Upvoted for the pre-1918 spelling. ;-)

      2. John Savard Silver badge

        Re: One Time Pads.

        But that's not a one-time pad. The key has to be completely random, so that it cannot be predicted, even in theory. A key that is a meaningful text, even in a foreign language, does not have that characteristic. Not that a _hash_ wouldn't generate a reasonably secure cipher, even if still not a true OTP.

        1. Michael Wojcik Silver badge

          Re: One Time Pads.

          I think OP meant he'd encrypt War and Peace with an OTP to give the attackers something to chew on.

          But, of course, the appropriate number of bytes from /dev/urandom is already an OTP encryption of War and Peace. So is the same number of bytes from /dev/zero. You just have to compute the corresponding pad. (Hint: Try XOR.)

          1. martinusher Silver badge

            Re: One Time Pads.

            The /dev/random souce is only what we could call 'randomish' -- it will probably work fine for the occasional exchange of messages with my bank but I wouldn't like to got head to head with the NSA while relying on it. Fortunately there are relatively inexpensive hardware random number generators. They might not be as random as all that, either, but you could swap between a selection and give the eavesdroppers a serious headache.

    10. Persona Silver badge

      Re: One Time Pads.

      One time pads can have an amusing failure mode.

      https://www.theregister.com/2018/07/19/russia_one_time_pads_error_british/

    11. tfb Silver badge

      Re: One Time Pads.

      The only thing an OTP gets you is the ability to time-shift the problem of getting a lot of unencrypted information to the person you want to communicate with: if I want to communicate to my agents in the field I have to send the entire communication in plain. I can just arrange to send it last week, when I was in the same room as the agents.

    12. Michael Wojcik Silver badge

      Re: One Time Pads.

      One-time pads suffer from the same costs and failure modes as they always have. Key distribution is a problem: you need a secure channel to distribute the pad in the first place. Synchronization is a problem. Key storage and disaster recovery are problems. Ensuring they're truly random is a problem.

      People don't use OTPs for most use cases because they're infeasible for most use cases.

      And even where they are feasible, most data isn't valuable enough to justify the cost of OTPs.

      1. dmesg
        Big Brother

        Re: One Time Pads.

        They also suffer from resource exhaustion and human folly.

        Bob: Once you've used up the OTP that Alice handed you before you left on the mission, you're out of key. No more sending secret messages to Alice. You may be tempted to re-use your OTP but if you do this you've just committed a crypto cardinal sin and Eve, your opponent, WILL get you.

        There is a way to get around this, but you no longer have perfect secrecy. Alice can give you a seed value for a cryptographically strong pseudo-random number generator (PRNG). Using the seed, you can generate as many pseudo-random bits as you like. But "pseudo" is the key word here. The seed has to be large enough that Eve can't find it by brute force, the PRNG (design *and* implementation) has to be exceedingly good, and you still may be limited in the amount of information you encrypt. It's a *much* larger limit, but eventually you may generate enough traffic for Eve's cryptanalysts to crack.

    13. Anonymous Coward
      Anonymous Coward

      Re: One Time Pads.

      The main problem of one time pad is on agreeing on the initial secret key. That is its weakness. If you solve that issue every transmitted packet could use unique one time pad secret and also let know the other party of the next packet one time pad secret. Obviously for that to work the packet communication must be arriving in order as guaranteed by TCP. And if any packet fail the whole communication do fail. It has considerable overhead but it is damn secure except it has the weakness on how the initial packet one time pad secret is shared.

  2. Anonymous Coward
    Anonymous Coward

    Criminality

    A constant battle between greed, arrogance, stupidity and violence.

    My monies with the Plods.

    1. katrinab Silver badge

      Re: Criminality

      You have to remember that you only read about the ones that get caught. Despite all the massive drugs busts you read about, it doesn't really seem to impact the supply lines at all, people can still get them.

      1. Neil Barnes Silver badge

        Re: Criminality

        The ones that don't get caught get knighthoods and MBEs... er, allegedly.

        1. Anonymous Coward
          Anonymous Coward

          Re: Criminality

          Oxford University has the very nice Sackler Library, funded by drug dealing and untold resulting human misery. They really need to deal with that before worrying about Cecil Rhodes, whose victims are long dead.

          1. katrinab Silver badge

            Re: Criminality

            They are dealing with that. The students voted 89% in favour of removing the name. But that doesn't stop them focusing on Rhodes as well, in fact it is probably better to deal with all of them in one go.

          2. Dave314159ggggdffsdds Silver badge

            Re: Criminality

            The criticism of the Sacklers would carry more weight if any non-Jewish owned pharmaceutical companies involved in selling opiates were also criticised.

            As it is, it's plainly just far right propaganda.

            1. katrinab Silver badge

              Re: Criminality

              Do any of them have buildings named after them or statues in Oxford University?

              1. Eclectic Man Silver badge

                Re: Criminality

                Well, there is the Sackler Bridge in the Royal Botanical Gardens at Kew. Should I not walk across or photograph it now that we know where the money came from?

                https://www.kew.org/kew-gardens/whats-in-the-gardens/lake-and-sackler-crossing

              2. Dave314159ggggdffsdds Silver badge

                Re: Criminality

                Yes, of course.

            2. doublelayer Silver badge

              Re: Criminality

              "The criticism of the Sacklers would carry more weight if any non-Jewish owned pharmaceutical companies involved in selling opiates were also criticised."

              You mean like Insys (public), Johnson & Johnson (public), and Teva (public)? Although that last one does have its headquarters in Israel. But still, it's a lot of companies. Also, it's opioids that generated most of the protests. I'm guessing these won't change your opinion much.

              1. Dave314159ggggdffsdds Silver badge

                Re: Criminality

                Why would it change my opinion for you to cite things that prove my point? Those big public companies don't have major shareholders who are Jewish, and have not been criticised despite doing the same thing.

                1. doublelayer Silver badge

                  Re: Criminality

                  They have been criticized, sued, and some have entered bankruptcy. People protested outside them. They suffered consequences, as they should have. All of them, Purdue included.

                  1. Dave314159ggggdffsdds Silver badge

                    Re: Criminality

                    Yes. We're talking about the ongoing hate-campaign against the Sacklers, though.

      2. John Brown (no body) Silver badge

        Re: Criminality

        "Despite all the massive drugs busts you read about, it doesn't really seem to impact the supply lines at all, people can still get them."

        From what I've seen/heard/read, and not being user or have any links to the drugs trade, it appears there are significant price fluctuations in the periods after major drug confiscations. A ton or 3 of "pure" Bolivian Marching Powder coming in from South America is a LOT of dealer bags on the street. I'm thinking particularly of the UK here where the importation methods are little more limited than some other countries, what with being an island and all.

        1. Blazde Silver badge

          Re: Criminality

          At least where there's good data I think it's surprising how little street prices are affected by these international busts. I suspect outside of the big cities local disruption to dealer networks has way more impact on price, purity and availability. (Purity also may be more driven by how savvy users are than by supply & demand, since a lot of drug markets operate as near monopolies. The UK's cocaine purity has risen massively since test kits become common place and all the newspapers ran stories about how crappy their reporters were finding it).

          With the international busts there's always more supply ready to step in quickly, it just needs approval from those in control of the market. Import prices might jump to ease that extra supply but that's not passed down to street prices. The profit margins are such that it's in everyone's interest down the supply chain to keep decent stock on hand to smooth over disruption, and fluctuations in supply price are easily absorbed. A lot of it's on credit too so capital requirements aren't big and there isn't huge pressure to optimise for just-in-time supply. I suppose the other factor is that for some drugs if there are any supply issues close to street level a lot of substituting takes place, both at the cutting and buying level. There's also more mid and low-level importing over the internet these days which might help smooth over supply.

          Still, this bust seems unprecedented in scale and scope so it'll be interesting if it has much impact beyond hastening the rise of a fresh generation of smugglers more wary of phone apps than the last one.

      3. W.S.Gosset Silver badge

        Re: Criminality

        Point of this operation was to address precisely that problem: get the big boys upstream, not the foot soldiers.

        Ongoing news releases in Oz suggest that's going quite well.

    2. Anonymous Coward
      Anonymous Coward

      Re: Criminality

      Every time you build a better mousetrap, the mice get smarter & learn to avoid it. Sure you catch a few, but all that does is provide warnings to the smart ones to avoid said traps.

      "The moment you make something idiot proof, Mother Nature builds a better idiot to prove you wrong."

      1. terrythetech
        Facepalm

        Re: Criminality

        I once made something to be idiot proof. Unfortunately I gave it to somebody smart to test. They broke it.

      2. Anonymous Coward
        Anonymous Coward

        Re: Criminality

        So why not make something SO idiot-proof that beating it practically guarantees a Darwin Award?

      3. Michael Wojcik Silver badge

        Re: Criminality

        Every time you build a better mousetrap, the mice get smarter & learn to avoid it.

        Evidence, please.

        We still see criminals at all levels being caught by the same techniques that were being used a century ago. Suspects still waive their rights and self-incriminate in police interviews. Organizations still fall for undercover plants and confidential informants. The statistics I've seen show there's still a vast amount of criminal activity discussed by SMS, despite the widespread availability of more-secure (a very low bar) text-message applications; and there's still a huge amount of posting about criminal activity on social media.

        When criminals do employ technological countermeasures, they typically screw up OPSEC or make other procedural mistakes.

    3. Chris G Silver badge

      Re: Criminality

      To a cop, everybody is a potential criminal, it'just that they haven't found what your crime is yet.

      That is why they are so fond of having backdoors into any secure communications.

      Add to that the fact that govermments generally trust the people that voted them in far less than the voters trust them.

      That's why the likes of NSA and GCHQ has history of mass evesdropping on their own populations.

      If the fuzz have 'come out' on AN0M, it is because they think the crims have sussed them and the cops think they now have something better.

      Whether you are a crim or a normal member of the public don't assume that selecting 'do not track' means you won't be tracked.

      1. Velv
        Big Brother

        Re: Criminality

        "don't assume that selecting 'do not track' means you won't be tracked"

        First rule of spying on the population is specifically track anyone who has given any indication they would prefer not to be tracked

        1. Graham Cobb Silver badge

          Re: Criminality

          Which is exactly why we should all say, loudly, that we don't want to be tracked.

          I don't support privacy and anonymity because I have anything to hide. It is because I value investigative journalism, public protest, political activism, bringing politicians to account, privileged advice from lawyers and other people who need privacy and anonymity to help keep our society safe.

      2. John Brown (no body) Silver badge

        Re: Criminality

        "To a cop, everybody is a potential criminal, it'just that they haven't found what your crime is yet."

        A friend of mine used to be a cop. His attitude to that sort of comment is any cop thinking that way, well, it's time to get out of the law enforcement business.

        1. Anonymous Coward
          Anonymous Coward

          Re: Criminality

          "His attitude to that sort of comment is any cop thinking that way, well, it's time to get out of the law enforcement business."

          People tend to think on tramlines - and that is usually reinforced by the institution to which they belong.

          I have heard UK policemen say "We couldn't find anything to charge him with - but we'll get him next time". The bigger their career stakes - the more likely they want a charge and conviction for their CV. Of course any perverting of the law is done so there is no record. Numerous junior officers have discovered that "telling tales" about such things is not recommended if they want a comfortable life in the force.

    4. Anonymous Coward
      Anonymous Coward

      Re: A constant battle between greed, arrogance, stupidity and violence. My monies with the Plods.

      I dunno, some of the criminals are also greedy, arrogant, stupid and violent.

  3. Draco
    Windows

    Sounds like a PsyOp

    Law enforcement is always hammering on about how hard encryption makes their lives and the way to help them is to provide them with a master key to all encryption.

    But ... now they have AN0N - and it is so freakin' AMAZING that they have TOO MUCH data to deal with rather than too little, so the "obvious" thing to do is shut down the program and shout it from the rooftops.

    ------

    There are lots of things we don't know that could make any of the following true (there might be more possibilities, but I'm limiting myself to these two):

    1) AN0N is compromised, but its focus was so narrow that the recent bust clearly exposed AN0N as compromised.

    2) AN0N is not compromised, was known to be used in this case, but the bust was made by other means and this is a disinformation campaign against AN0N (and, probably, other similar types of apps).

    1. DJV Silver badge

      Re: Sounds like a PsyOp

      I like the way you encypted AN0M to AN0N throughout your entire post - made it very hard to decrypt and read!

  4. Pascal Monett Silver badge

    So, a backdoored encrypted chat, eh ?

    "law enforcement authorities around the world are well and truly committed to finding ways through and around encryption, wherever it is used by criminals "

    And I have no problem with that.

    What I have a problem with is those same authorities arguing that my Sync encryption should be backdoored, or that my PGP mail should be backdoored, or that my communications over Internet with my bank should be backdoored.

    No, they should not. It is what keeps criminals out of my affairs. If it so happens that it also keeps authorities out of my affairs, there is one big difference : criminals do not have warrants at their disposal.

    1. brotherelf

      Re: So, a backdoored encrypted chat, eh ?

      > criminals do not have warrants at their disposal.

      Well, unless…

      (judicial oversight doesn't scale either, btw)

    2. Michael Wojcik Silver badge

      Re: So, a backdoored encrypted chat, eh ?

      The problem with that is that in the US, at least, and presumably in most other jurisdictions, essentially everyone is already a de jure criminal, or at least in violation of some laws and regulations. The body of law is sufficiently broad and vague to capture all sorts of ordinary daily activities.

      See for example Chase, How to Become a Federal Criminal.

      In the AN0M case, I'm not bothered, because it was effectively opt-in – assuming the reports are accurate, the devices were only available through "underground" channels and so were only acquired by people already involved in the criminal network – and because it has a benefit to citizen privacy in demonstrating calls for backdoors in commodity encryption are unfounded.

      But in general, if criminals adopt commodity encryption for communications, that's too fucking bad for the LEOs. They'll have to go back to HUMINT rather than relying on SIGINT. Them's the breaks. I am in no way going to accept the proposition that "encryption, wherever it is used by criminals", is fair game. That way lies ubiquitous surveillance.

  5. Anonymous Coward
    Anonymous Coward

    Crims now know what not to trust, and how to stymie future infiltrations

    it was only going to work once anyway (like the suicide belt demonstration, or Snowden leak). That said, give it some time, the idea could be forked into something that only becomes blindingly obvious once it's pulled off.

    1. Michael Wojcik Silver badge

      Re: Crims now know what not to trust, and how to stymie future infiltrations

      Historically, most policing techniques continue to work even after criminals become familiar with them. The economics weigh strongly against the kind of vigilance criminals would need to observe to obstruct those techniques. I don't see any reason why the AN0M exploit wouldn't work again with trivial changes.

      The historical evidence shows that the criminal population is no better than the general population at learning from their mistakes. I'm not sure why so many people posting here think otherwise.

      IT folks haven't, generally speaking, learned from our mistakes, have we? How many SQL injections and BoFs have we seen this year? (A whole bunch, that's how many.) Why do y'all think criminals are more disciplined?

  6. Andy The Hat Silver badge

    How long ?

    The writer asked how long you should keep the ability to evesdrop secret.

    In the case of an encryption methodology - until it's compromised.

    In the case of a military type dictatorship - as long as possible as it aids your grip on power.

    In the case of the foremost democracy in the world - about 25 years whilst making money selling that encryption as secure communications technology to your allies so you could (theorectically) snoop on them. Yes that is the way Great Britain works ...

    1. Wim Ton

      Re: How long ?

      I first thought you referred to Switzerland.

  7. Anonymous South African Coward Silver badge

    I would've kept this thing tight under wraps, and never mentioned it.

    Now the cops will have to find another way of getting into the ne'er-do-well's lines of communications, and this time the ne'er-do-wells may turn the tables by sending cops on useless chases all over the country/world/galaxy.

    1. Warm Braw Silver badge

      I would in principle agree with you, but this isn't the first time that crims have put too much faith in a supposedly secure communications system.

      The reality is that all those wires and data centres are under someone's legal jurisdiction and are potentially under the control of law enforcement whether post hoc or ante hoc.

      Always a risky strategy trusting your liberty to "honour amongst thieves"...

      1. Doctor Syntax Silver badge

        Encrochat and ANOM's predecessor, Phantom Secure, started off as, shall we say, independent efforts. Their getting compromised could have been put down to bad luck and hoped for better next time. Now that criminals have been told explicitly that such off the shelf systems can't be trusted individual gangs might start commissioning their own. That introduces its own trust problems of course but assuming many of them aren't a multiplicity of small networks are going to yield much less reward for the effort needed to break into them.

        The alternative is that they simply move to using mainstream end-to-end systems giving even more weight to calls for these to be backdoored. The ongoing existence of separate criminal systems should really be an argument against the Patels of this world demanding that the rest of us shouldn't have secure communications for out legitimate day-to-day lives.

        How cynical is it to wonder if these public pronouncements are an attempt to bring that situation about?

        1. yetanotheraoc

          How cynical

          That was my first thought when El Reg covered the story some days ago. Criminals caught == backdoors good must be part of the simplistic reason for ending it this way. It doesn't matter if the police believe that equation, as long as the generally ignorant voting public finds it convincing. Of course, my cynicism is always turned up to eleven.

          The security industry can turn that argument around however. Generic backdoors are not needed, because targeted backdoors have been proven so effective. And the point made earlier about traffic analysis also does not require a generic backdoor to implement. Banging on about backdooring everything is so patently stupid, I am starting to wonder if it is also a disinformation campaign.

          Where did I put that tinfoil hat?

          1. Blazde Silver badge

            Re: How cynical

            If we're really getting cynical, how about the idea the FBI gave up the backdoor because they realised God Mode on the criminal comms threatened to make too many law enforcement jobs obsolete (also: 'now you have AN0M I assume you won't be needing this huge and very poorly accounted for CI budget?').

            At least leafing through reams of irrelevant Whatsapp convos requires serious numbers of analysts and proportionately high salaries for their managers. Plus it's more fun because of the smut. The criminals just geek out over crime non-stop, what a yawn fest.

        2. W.S.Gosset Silver badge

          > Now that criminals have been told explicitly that such off the shelf systems can't be trusted individual gangs might start commissioning their own.

          Oh they already have.

          The FBI didn't develop their handset ; they bought it off a crim hardware developer.

          1. W.S.Gosset Silver badge

            Hence the big PR splash. Plants the seeds of doubt re ALL such self-developed handsets, come propagation time.

            Social Engineering the crim networks.

            Cf posts here re the MitMs "Gene" and re Key Design Feature.

          2. Doctor Syntax Silver badge

            "they bought it off a crim hardware developer."

            Yes, they bought it off the shelf run via an off the shelf service. That's not the same as commissioning your own and running it without some other service provider.

    2. Charlie Clark Silver badge

      I think it's reasonable to assume they already have. The announcements serve several purposes: let the public know how good police tech is; force the low-hanging fruit to look for another solution and make them worry that it's been compromised.

      A-list gangs probably already use a-list encryption tools…

  8. vektorweg

    Budget

    I think, the reveal of the app rather had funding in mind. It looked pretty impressive what they did. Sure they gained favor and leverage for a budget boost.

    1. HildyJ Silver badge
      Holmes

      Re: Budget - It Makes Sense

      It's not just the positive publicity, it's the excuse for stopping because they couldn't keep up. If this doesn't show up as a budget request for more equipment and personnel, I'll be gobsmacked.

  9. naive Silver badge

    AN0N, lots of fuzz about ?....

    Catching a few mid tier crooks and some minor drug shipments.

    Since the Mexican cartels were not shutdown, it were just a few small fish caught in the net.

    The cartels are able to extend their operations into Europe, recently in the Netherlands a few meth-labs were discovered operated by South-Americans,.

    Solid communication equipment and the financial infrastructure to support this are required to enable this.

    The revenues of the Mexican cartels are estimated to be around 500 million dollars annually.

    That leaves them quite a budget to hire the best beautiful minds to develop some app and equipment to communicate securely using public access networks.

    1. Chris G Silver badge

      Re: AN0N, lots of fuzz about ?....

      I think you may be out by a couple of orders of magnitude according to the higher assessments.

      I suspect the Mexican cartels are responsible for more sniffy noses than the virus du jour.

    2. Spacedinvader

      Re: AN0N, lots of fuzz about ?....

      Your million should start with a B...

    3. WolfFan Silver badge

      Re: AN0N, lots of fuzz about ?....

      Mexico is in North America, not South America. Depending on your take on Central America, North America either ends at the southern Mexican border or the isthmus of Panama. North America also may/may not include assorted islands out to Greenland in the north and Trinidad in the south.

      The Mexican cartels are just the latest in a long list of others, not least being the Jamaican yardies, assorted Columbians, Peruvians, Brazilians, and others. Previous versions also included various mobsters from the US and Russia.

      1. John Brown (no body) Silver badge

        Re: AN0N, lots of fuzz about ?....

        And, of course, not forgetting the Bolivians and their Marching Powder. (Columbian Marching Powder also available) Those two seem to be the only ones associated with the phrase "Marching Powder".

  10. Eclectic Man Silver badge

    'Too much information'

    I am somewhat bemused by the idea that AN0M generated too much information for the plods to analyse. When GCHQ and the NSA have been trawling the Internet for everyone's communications and presumably have also been analysing it too. Maybe this is merely part of the campaign for more computers to analyse data?

    1. TRT Silver badge

      Re: 'Too much information'

      They could enlist the help of Google Ads...

      You're looking for a hit man in your locality. Read the reviews to find the best!

      1. Eclectic Man Silver badge
        Happy

        Re: 'Too much information'

        TRT: "You're looking for a hit man in your locality. Read the reviews to find the best!"

        From 'The Lion of Boaz-Jachin and Jachin-Boaz' by Russell Hoban:

        " Jachin-Boaz traded in maps. He bought and sold maps, and some, of certain kinds for special uses, he made or had others make for him. ... Maps of towns and plains he sold, and other maps made to order. He would sell a young man a map that showed where a particular girl might be found at different hours of the day. He sold husband maps and wife maps. He sold maps to poets that showed where thoughts of power and clarity had come to other poets. He sold well-digging maps. He sold vision-and-miracle maps to holy men, sickness-and-accident maps to physicians, money-and-jewel maps to thieves, and thief maps to the police."

        1. John Brown (no body) Silver badge

          Re: 'Too much information'

          "Jachin-Boaz"

          I think I may have just read that as Joan Baez and had some sort of weird discontinuity as I carried on reading :-)

    2. W.S.Gosset Silver badge

      Re: 'Too much information'

      > too much

      2.67 million messages in the last 2 weeks.

      2 other major crim crypto phone networks were shut down and the userbases migrated en masse. Dunno about the FBI but the Aussie AFP resources (responsible for all the core monitoring) were 3 men.

      1. W.S.Gosset Silver badge

        Re: 'Too much information'

        > 2.67 million*

        Up from 40-odd thousand* 6mths prior.

        Just to give a clearer picture of the degree of "surge".

        .

        .

        .

        * per fortnight

    3. dmesg
      Holmes

      Re: 'Too much information'

      Agreed. TMI just doesn't ring true. "The time limit on our warrants were about to expire" doesn't quite cut it either. Extend the warrants, going dark for a while if it takes time to get them renewed.

      I'm more inclined to believe the targets were getting wise.

  11. karlkarl Silver badge

    It is going to be a constant game of out smarting each other.

    However many people forget tech, forget ideas and forget history. So ultimately it won't go on forever until they are both infinitely hi-tech. Instead it will probably keep looping round and repeating itself.

    1. TRT Silver badge

      Yeah, but how many coders are going to want to risk working for organised crime involved in illegal activities when there are so many legal organisations involved in criminal activity?!

      1. John Brown (no body) Silver badge

        Not to mention the penalties for not honouring the NDA. Columbian Necktie anyone?

      2. jtaylor Bronze badge

        "how many coders are going to want to risk working for organised crime...."

        Plenty, if the pay is good enough. "We'll release your family unharmed upon completion of your task. You start work tomorrow."

        1. TRT Silver badge

          Depends on your attitude to family. I used to keep a picture of the wife and kids on my desk - a photo of the wife to remind me why I go to work in the morning and a photo of the kids to remind me why I bother going back at the end of the day.

        2. dmesg
          Boffin

          You start work tomorrow.

          This works for national governments too. Back in my student days in the 70's I returned home to see a housemate packing up and moving out, mid-semester. Turns out a certain Mid-East Petro State wanted his communications system expertise. (I once saw him pick up a phone and whistle a number of tones into it. He handed it to me, then described accurately what I heard as the connection went through various exchanges, telling me where each exchange was located. "Now, when it rings, hang up." I did. "That was the AT&T office in Puerto Rico".)

          The MEPS' intelligence service had contacted him and informed him that he now worked for them. Or else a former roommate and good friend, a MEPS citizen now living back home, would find life ... unpleasant. He explained to me that it was exactly the kind of job he was hoping for, even if they way it was offered him was less than optimal. He took it, but declined the offer of a wife. "I don't need a spy in my bed."

  12. Anonymous Coward
    Anonymous Coward

    Someone needs to invent a secure messenger, that in addition to providing encrypted comms, uses a neural network/GPT-2 style chat bot to generate millions of random fake identities, some of which have a criminal personality, and have them send messages all the time. Be such a morale hit to the cops, when the tenth crime syndicate in a row they think they're on the verge of cracking, turns out to be yet another AI fuelled hallucination.

    1. TRT Silver badge
      Holmes

      And the corollary of that is that someone needs to invent a chat bot which has the personality of a crime investigator - an "artificial police officer"... I'll avoid using the term AI for that, but see icon for an example of intelligent employment of deductive reasoning principles.

  13. Paul Hovnanian Silver badge

    Or maybe ...

    ... AN0M is just a cover story for a few well-placed informants within the criminal orgs.

    Added benefit: Criminals scrap all their coms gear in much the same way Harry Caul tears apart his own apartment (The Conversation).

    1. yetanotheraoc

      Re: Or maybe ...

      I like the way you think.

    2. Kanhef

      Re: Or maybe ...

      I was thinking it's been a clever psych ops mission. AN0M was distributed through a chain of trust, and according to other articles they initially pitched it to one kingpin (who interestingly enough, has not been arrested), and let him spread it to everyone else. After this, someone may well create a truly secure communication platform, but anyone who's been paying attention to the news will be paranoid that it's actually another backdoored system made by the cops. Even someone pushing to use an existing service like Signal would be viewed suspiciously; how can you prove that service is actually secure?

      1. W.S.Gosset Silver badge

        Re: Or maybe ...

        > initially pitched it to one kingpin

        FIVE (5) kingpins, actually, just in Australia; not sure about the ~20 other countries. Two of those (2) became the key propagators within Australia in terms of both trust and physical handsets.

        This was VERY clearly stated from the outset, so you now have an excellent data point in your own Trust, Verification, & Credibility process : the sources of your articles should not be trusted/relied on.

  14. tfb Silver badge
    Alien

    This claim makes limited sense.

    They say that the volume of content was too large. If this was actual chat (text) then surely a combination of traffic analysis and keyword / text analysis is actually reasonably easy to scale? Perhaps it's all streamed audio video or something which might make the problem harder, but traffic analysis would still be pretty interesting. Perhaps what's happened is that they initially 'marketed' the thing at criminals, but it's now seen take-up amongst too many other people so they can't find the signal from the noise? In which case there's presumably another tool being marketed to criminals which has replaced it.

    1. W.S.Gosset Silver badge

      Re: This claim makes limited sense.

      See my post above re massive surge vs tiny resources.

      1. tfb Silver badge
        Alien

        Re: This claim makes limited sense.

        I don't buy this. Assume at some time you're ('you' meaning 'humans') watching all the traffic through the app. And it increases vastly so you can't do that any more. Well, now just watch some of it – the subset of the traffic involving the people you were watching before say, which won't have increased vastly as people can only type so fast. Yes, you will be dropping potentially useful traffic on the floor (or: archiving it for later search if you nab people for other reasons). Well, that's a little better than never gathering it at all.

        This only makes sense if the traffic volumes were overwhelming the hardware which, assuming they're not running it on a ZX81, seems unlikely.

        So revealing it, I think, must be for some other reason. Perhaps they already knew the app was burned?

  15. John Savard Silver badge

    Kidnapping

    What worries me is that AN0M might lead to some organized crime syndicate kidnapping a programmer, so he can prepare a secure phone for them u nder their supervision.

    1. doublelayer Silver badge

      Re: Kidnapping

      That's already happened, repeatedly documented in Mexico which has a large number of communications engineers who can be kidnapped easily. I'm sure it happens elsewhere too. The problem they run into is twofold. First, an individual programmer may not be able to ensure security. Many are not cryptographers or security experts and may design a flawed system. The second is that they have no incentive to do it right and several to do it wrong--if they ever get out, they can use it to get police protection (E.G. El Chapo's communications administrator in the U.S.). So now they need to kidnap programmers to code review each other. At some point it becomes easier just to hire them and pay them enough that they're willing to break the law.

  16. DS999 Silver badge

    If one compromised chat app provided too much data

    How could the FBI hope to deal with a world where ALL chat apps have their wet dream government mandated backdoor? How much more volume is that, a million times more? Higher than that??

    They basically told us all the perfect comeback next time we hear them whine about iMessage, WhatsApp, Signal etc. causing criminal communications to "go dark" and they need changes to the law.

  17. arachnoid2 Bronze badge

    All your bases belong to us

    If the app had come to the end of its life or was about to be compromised, its one way of creating panic in the users of any encryption app because now they will be wondering what they can use.

  18. Anonymous Coward
    Anonymous Coward

    Just go from closed to open source

    I think gangs and crime bosses should anonymously donate 5-10% of their profits to free software projects. That money would pay for more developers. Projects could afford to pay bug bounties and security audits on a regular basis.

    1. tfb Silver badge
      Black Helicopters

      Re: Just go from closed to open source

      What makes you think they are not doing that? It certainly might be interesting to look hard at how various open source secure chat apps are funded.

    2. Graham Cobb Silver badge

      Re: Just go from closed to open source

      I am no expert but I suspect that crime bosses (like military people) are obsessed with secrecy and cannot get their heads around an open source app being safe because it has a secret key. However, I am sure it won't be long before the smartest crime bosses realise that and eventually that knowledge will trickle down.

      The problem (for the crims) is that the open source apps normally run on general purpose (and NOT AT ALL secure) devices. They need secure devices, with secure OS's - that is much harder to achieve than the app. But I am sure there are a few criminal orgs employing someone to look into making a secure platform based on a few CrowdSupply open hardware components and a minimal OS (not even a Linux kernel). I can imagine it wouldn't take long to create a small wifi-only tablet-like device running just a secure open-source messaging app - after all it is only a few steps up from the fairly common hobbyist "display your email on an IoT box on your bathroom wall while reprogramming your central heating at the same time on an ESP8266" type of projects.

  19. Grinning Bandicoot

    First off I will say that I'm not a poker player. If you should play you will take home some of my money. Now that being said there is a ploy called 'BLUFF' where your play is such your hand is better then what you hold. If the other players suspect this ploy they can adjust and of course you can make a counter ploy. So if the ANOM is known to have a back door, the savvy user either continues as before with the knowledge of that your traffic has a few unknown 'bcc', double encrypt, or shift to a new service. If you encrypt,it says you suspect an unauthorized reader (maybe) or if you shift, you invite attention to your activities which you really don't want. If you remain with ANOM, it might be deemed that you are a right wing liberal with privacy fetish. Traffic analysis gives an idea where 'readers' should concentrate their work. Another consideration is this new service honest or are the 'readers' waiting? BLUFF and BLUFF again.

    My personal choice is Steganography. For those that have played with the old rotor type fax once used by the news services you know about the random noise that is scattered across the copy. This can be used to conceal the traffic and have part of the key attached..

    An offense is always probing for a way to carry out its mission! A static defense just asks to be attacked and bypassed.

  20. W.S.Gosset Silver badge
    Thumb Up

    One-Shot-Only was a Key Design Feature

    The concerns raised in the article were actually explicitly designed in as a Feature:

    As was repeatedly stated, a key design goal for the wrap-up was a fundamental and profound degradation of Trust within the crim social networks.

    70s-style comms was mentioned explicitly a few times. Examples mentioned as contrast to instant handheld transnational group conversations: notes passed individually hand-to-hand, people meeting up at beaches and wading out into the surf in order to be able to have a safe conversation, "like they used to have to in the 70s".

    They were critically seeking to achieve a sea-change in Friction and Speed. To chop tech out as an option. Hence the large and loud announcements.

    Job Done, I'd say. And done well.

  21. Man inna barrel

    The whole point of this was to convict criminals

    It would be rather odd to have such a useful tool for fighting crime, and then not use it, for fear the criminals would find out. More than that, it would surely be a terrible wasted opportunity to avoid using the tool too openly, only to have the criminals find out about it anyway, thus making it far less useful. So you use the tool to get as many convictions as you can while you have a chance. Moreover, since this big blast will show your hand, you might as well get an added bonus of sowing fear and doubt among the enemy.

    I am not sure how much long term benefit will come from actions like this. The illicit drug trade is far better funded than any law enforcement agency, as far as I know. This problem was pointed in a documentary I saw, on prohibition in the USA. This measure had the unintended effect of creating opportunities for a hugely profitable illicit trade in alcohol. At the same time, very little funding was provided for enforcement of the prohibition laws. The criminal gangs simply bribed whole police departments, to remove the inconveniences of law enforcement. And the documentary pointed out that, far from reducing the ill effects of alcohol abuse, this actually got worse during prohibition.

  22. Robert Carnegie Silver badge

    It all applies to Enemies of the State generally, doesn't it. Democratic politicians, journalists, Union organisers.

    Is "1984* propaganda against tyranny, or propaganda for it? Spoiler if you haven't read it - the State gets you in the end. The State gets everybody.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021